Web Exploitation / Web Information Gathering / Web Vulnerability Analysis

vault_scanner: swiss army knife for hackers

by do son · Published June 18, 2019 · Updated June 17, 2019

VAULT

Swiss army knife for hackers

Features

Scan website for the following vulnerabilities

XSS
LFI
RFI
SQLi

Scanner

Port scanning : ACK, FIN, NULL, XMAS
IP scanning : Ping Sweep, ARP
SSL vulnerability scan
OS scan
Hash scanner : MD5, SHA1, SHA224, SHA256, SHA512

Others

Crawling

Crawl a website and collect all the links
Crawl and scrape the website for images

Attacks

Utilities

Install

git clone https://github.com/abhisharma404/vault_scanner.git
cd vault_scanner
sudo apt-get install python3-pip
sudo pip3 install virtualenv
virtualenv venv
source venv/bin/activate
pip3 install -r requirements.txt
Starting Vault :

cd vault_scanner/src
python3 vault.py

Usage

usage: vault.py [-h] [-u URL] [-p PORT] [-sp START_PORT] [-ep END_PORT] [-ssl]

                [-info] [-comment] [-fuzz] [-ip IP] [-t THREADS]

                [-source_port SOURCE_PORT] [-fin] [-null] [-ack] [-xmas] [-c]

                [-xss] [-this] [-ping_sweep] [-ip_start_range IP_START_RANGE]

                [-ip_end_range IP_END_RANGE] [-lfi] [-whois] [-o OUTPUT]

                [-d DORK]



optional arguments:

  -h, --help            show this help message and exit

  -u URL, --url URL     URL for scanning

  -p PORT, --port PORT  Single port for scanning

  -d DORK,--dork DORK   Performs Google Dorking

  -sp START_PORT, --start_port START_PORT

                        Start port for scanning

  -ep END_PORT, --end_port END_PORT

                        End port for scanning

  -ssl                  perform SSL scan

  -info                 Gather information

  -comment              Finding comments

  -fuzz                 Fuzzing URL

  -ip IP, --ip IP       IP address for port scanning

  -t THREADS, --threads THREADS

                        Number of threads to use

  -source_port SOURCE_PORT

                        Source port for sending packets

  -fin                  Perform FIN Scan

  -null                 Perform NULL Scan

  -ack                  Perform TCP ACK Scan

  -xmas                 Perform XMAS Scan

  -c, --crawl           Crawl and collect all the links

  -xss                  Scan for XSS vulnerabilities

  -this                 Only scan the given URL, do not crawl

  -ping_sweep           ICMP ECHO request

  -ip_start_range IP_START_RANGE

                        Start range for scanning IP

  -ip_end_range IP_END_RANGE

                        End range for scanning IP

  -lfi                  Scan for LFI vulnerabilities

  -whois                perform a whois lookup of a given IP

  -o OUTPUT, --output OUTPUT

                        Output all data